The Internet Defined: What Is A Security Certificate for Web Pages
What Are They?
Your social security number is a way of validating your identity to most government agencies. Though not exactly the same, security certificates are similar, providing necessary authentication and encryption when performing transactions online.
When you visit a secure website, you should see a padlock symbol either at the top or bottom of your browser window to indicate you have a secure connection. The next step in security is the certificate, which is represented when you see https instead of the normal http. The certificate is linked to a single domain, meaning when you log in or perform a transaction, only the single domain or website is involved. No other sites or third parties can receive the information.
The second part of a security certificate is probably the most important – encryption. This makes certain your data is encrypted when sent. Only the domain with the correct security certificate can decrypt and view information you exchange. This is especially important with financial transactions or personal data transfers.
A security certificate is basically a way for both the website and you to know for certain that all information is valid and secure during your transaction. Both parties are kept safer.
Who Uses Them?
Any site requiring personal information or financial data should always use a security certificate. Most major web-based email providers use certificates to keep your emails private. All online shopping sites should use certificates as well. If not, shop elsewhere to keep your financial data safer. Many social networks and blogging platforms also provide users with a more secure experience through certificates.
Dealing With Expired Certificates
When you visit a website, you may encounter a warning message before the site loads, saying something similar to This Security Certificate Has Expired. Unless you know for certain the error is on your computer, do not continue to the website. Some problems occur on the user side due to a lack of certificate updates or incorrect settings (for more information on fixing that, check the linked article).
An expired certificate more likely means the site has not renewed their certificate though. This can be just a simple lapse on the site owner’s part, or something major, such as someone hacking the site. Even if the https appears, if you receive any message that the certificate has expired, give the site some time to renew their certificate before revisiting.
Any data you submit or receive from the site will not be encrypted. There is also no authentication to ensure you are actually working with the site itself and not a third party posing as the website. Information can easily be redirected to a third party without a certificate.
You should never change your browser settings to ignore certificate settings. This is your first line of defense against fraudulent websites. At the very least, ensure your settings display messages about expired security certificates.
Image Credits: Security Certificate Warning Message / Internet Explorer
Entrust: Security Certificate, at https://www.entrust.net/security-certificate.htm
Microsoft: Using Certificates for Privacy and Security, at https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/cert_ovr.mspx?mfr=true